Why DivDat?

Filling a Need, Facilitating More Payments

As the payment world moves to on-line payments, 33% of US homes nationally do not have broadband internet, reducing the likelihood of making payments on-line. This leaves mail-in (at cost and effort), Interactive Voice Response (IVR) or in-person. Kiosks are a form of in-person payment including the following benefits:

  • Convenience - the locations are at places customers are: community centers, retail stores, government office service centers.
  • Users operate at their own pace
  • Transactions are conducted in private
  • Retailers are deploying kiosks to increase floor traffic from customers with cash-in-hand

One may think we are becoming a cash-less society. On the contrary, bank fees, rising credit card fees and so-called convenience fees are making cash the preferred payment method for people across social and economic strata and there is a growing trend for millennials to use cash to manage their spending habits.


60%

of millennials, ages 18-35 prefer to use cash instead of a debit/credit card because they feel:

  • They won’t spend what they don’t have
  • Can control their own cash
  • Utilize the envelope system
  • Hold onto cash longer because job security/ability to pay bills
  • Debit cards are ok but don’t want to swipe all the time

Filling a Need, Facilitating More Payments

As the payment world moves to on-line payments, 33% of US homes nationally do not have broadband internet, reducing the likelihood of making payments on-line. This leaves mail-in (at cost and effort), Interactive Voice Response (IVR) or in-person. Kiosks are a form of in-person payment including the following benefits:

  • Convenience - the locations are at places customers are: community centers, retail stores, government office service centers.
  • Users operate at their own pace
  • Transactions are conducted in private
  • Retailers are deploying kiosks to increase floor traffic from customers with cash-in-hand

One may think we are becoming a cash-less society. On the contrary, bank fees, rising credit card fees and so-called convenience fees are making cash the preferred payment method for people across social and economic strata and there is a growing trend for millennials to use cash to manage their spending habits.


60%

of millennials, ages 18-35 prefer to use cash instead of a debit/credit card


  • They won’t spend what they don’t have
  • Can control their own cash
  • Utilize the envelope system
  • Hold onto cash longer because job security/ability to pay bills
  • Debit cards are ok but don’t want to swipe all the time

Filling a Need, Facilitating More Payments

As the payment world moves to on-line payments, 33% of US homes nationally do not have broadband internet, reducing the likelihood of making payments on-line. This leaves mail-in (at cost and effort), Interactive Voice Response (IVR) or in-person. Kiosks are a form of in-person payment including the following benefits:

  • Convenience - the locations are at places customers are: community centers, retail stores, government office service centers.
  • Users operate at their own pace
  • Transactions are conducted in private
  • Retailers are deploying kiosks to increase floor traffic from customers with cash-in-hand

One may think we are becoming a cash-less society. On the contrary, bank fees, rising credit card fees and so-called convenience fees are making cash the preferred payment method for people across social and economic strata and there is a growing trend for millennials to use cash to manage their spending habits.


60%

of millennials, ages 18-35, prefer to use cash instead of a debit/credit card because they feel:

  • They won’t spend what they don’t have
  • Can control their own cash
  • Utilize the envelope system
  • Hold onto cash longer because job security/ability to pay bills
  • Debit cards are ok but don’t want to swipe all the time

24%

19%

33%

28%

28%

17%

28%

18%

Households with working-age individuals with a disability

Hispanic Households

Black Households

Lower-Income households

Unbanked

Underbanked

Unbanked

Underbanked

Unbanked

Underbanked

Unbanked

Underbanked

Cash Preferred Households

Federal Deposit Insurance Corp: Analysis of underbanked or "cash preferred" Households

Households with working-age individuals with a disability

Underbanked

Unbanked

18%

28%

Hispanic Households

Underbanked

Unbanked

17%

28%

Black Households

Underbanked

Unbanked

20%

33%

Lower-Income households

Underbanked

Unbanked

19%

24%


The DivDat Kiosk Network is not only easy, secure and convenient for customers, but provides critical accessibility to underserved segments of the population - the unbanked and underbanked. These groups rely on cash transactions and are aided by our local, fee-free Kiosk Payment Solution.

Approximately 9.0 million U.S. households, made up of 15.6 million adults and 7.6 million children, were unbanked in 2015.
“Unbanked,” meaning that no one in the household had a checking or savings account.

Approximately 24.5 million U.S. households, composed of 51.1 million adults and 16.3 million children, were underbanked in 2015.
"Underbanked" meaning that the household had an account at an insured institution but also obtained financial services and products outside of the banking system.

Source: 2015 FDIC National Survey of Unbanked and Underbanked Households


Customers 'love' the DivDat Kiosk Network

In conducting focus groups and deep-dive interviews with customers in this unique demographic, the DivDat Team learned a great deal. We have coined a term: Propensity to Pay℠ meaning, that the small percentage of customers that billers have difficulty reaching and collecting payments from. Now, if there was an easier, better or more convenient way to pay, would they? The answer is a resounding yes! Without divulging any client confidentiality, we can say it gets even better. We have empirical data that these same customers, using the DivDat Kiosk Network, are making payments in a timely manner and a slice of this unique sector, are actually making advance payments!


Bridge the gap from Billers to Consumers

From a customer or “payer” perspective the DivDat Kiosk Network is empowering and provides people with control over their budgets and in their words: “peace of mind” and “freedom” after they have paid on the kiosk. We do not exaggerate and offer no hyperbole in stating that the most common phrase we hear from actual kiosk users is: “we love it.” Love, a machine? Love a kiosk whose sole function is to pay utility bills and taxes? That is the DivDat difference. That’s the DivDat secret sauce in turning a kiosk machine into a device that people love using to pay essential bills.


Management Oversight


The DivDat Quality Program incorporates a robust and comprehensive management oversight for customer service and support.

This includes:

  • 24/7 support hotline
  • Daily operational review
  • Weekly program operations status
  • Network operations oversight
  • Regular supplier reviews for network and data center, maintenance providers and cash-in-transit carriers.

Unique Online Dashboard

Our Kiosk Network makes it possible to quantitatively measure in a unique online dashboard:

  • Kiosk performance and functionality in real time
  • Any kiosk malfunction
  • Cash levels in each Kiosk down to numbers of each denomination
  • Kiosk usage by cash, check credit card
  • Location and time of all payments
  • Customer issues and resolution
  • Armored car cash pick-ups
  • Network Up Time
  • Data Center Up Time
  • Maintenance Response Times
  • Call hold times
  • Trending analysis for above

Security

DivDat’s Payment Gateway and network infrastructure is currently PCI DSS 3.2 Compliant. Sophisticated real-time validation of account numbers help to minimize errors. DivDat’s network infrastructure has been designed to support large-scale online merchants accessing banking profiles and document archives using 256bit TLS cipher suites in conjunction with SHA2 (2048bit or higher) certificates, which enables industry standard strong encryption for security.

DivDat adheres to national security standards such as:
  • Payment Card Industry Data Security Standards [PCI Compliance]
  • PCI DSS v3.2 Audited and complaint
  • National Institute of Standards and Technology [NIST]
  • Open Web Application Security Project [OWASP]
  • NACHA-The Electronic Payments Association [for ACH payments]

Security


Payment and Point-of-Service Applications, eServices, Web Archiving


DivDat’s Payment Gateway and network infrastructure is currently PCI DSS 3.2 Compliant. Sophisticated real-time validation of account numbers help to minimize errors. DivDat’s network infrastructure has been designed to support large-scale online merchants accessing banking profiles and document archives using 256bit TLS cipher suites in conjunction with SHA2 (2048bit or higher) certificates, which enables industry standard strong encryption for security.

DivDat’s enterprise servers are optimized and deployed using virtualization technology which provides a dynamic, reliable, and scalable platform. Where appropriate, High Availability architecture is utilized to enhance availability and resiliency of the DivDat operating environment.

DivDat employs stateful firewalls with appropriate ACL’s, logical segmentations and security controls. DivDat subscribes to real-time IDS and IPS monitoring services to ensure the availability and security of its infrastructure. Redundancy is built into carrier, hardware, and application elements of DivDat’s solutions to ensure fault tolerance and maximum uptime performance. These applications and services are located in one of DivDat’s data center facilities. Each facility has redundant carrier, power, and cooling systems. Facilities are secure and include features such as security gates, electronic monitoring, fire suppression, temperature monitoring, humidity monitoring, exterior lighting and badge-only access.

DivDat adheres to national security standards such as:
  • Payment Card Industry Data Security Standards [PCI Compliance]
  • PCI DS 3.2 Audited and complaiant
  • National Institute of Standards and Technology [NIST]
  • Open Web Application Security Project [OWASP]
  • NACHA-The Electronic Payments Association [for ACH payments]
  • Health Insurance Portability and Accountability Act of 1996 [HIPPA, Title II]
  • Identity Theft Prevention Program in accordance with the Federal Trade Commission's Red Flags Rule (“Rule”), which implements Section 114 of the Fair and Accurate Credit Transactions Act of 2003.
  • Threat management and intrusion detection subscription from industry leading service vendors providing additional layer of security.


Security Program Summary

DivDat has an established Data Retention and Destruction policy that is adhered to for the retention and destruction of client data. Exceptions to this policy may be defined per a client’s agreement and/or business rules.

Data Retention

  • Transient data can be stored for up to 30 days unless otherwise stated in customer SLA or customer contract.
  • Transient data that is to be stored must be done in a manner in which the data is encrypted under DivDat’s encryption standards, and must be stored in a secure location that is only accessible by authorized individuals.

Data Destruction

  • All transient data is to be electronically destroyed (by means that render the data unrecoverable) after being processed through DivDat’s internal systems, unless otherwise stated in the customer’s SLA or the customer’s contract with DivDat.
  • Data that has reached its defined storage period is to be permanently purged from the secure storage location in which it is housed by means that render the data unrecoverable.
  • Data that is to be stored after being processed will not be permitted to be moved to removable media or any other external sources unless explicitly requested by a customer.

DivDat has security monitoring in place that automatically sends alerts to our Network Administration staff whenever there is any suspicious activity occurring on the corporate firewalls, network infrastructure, hosted sites, endpoints and email system. Security appliances are monitored real-time for IDS, log monitoring and threat management by Alert Logic. If there is a confirmed incident, depending on the severity, the appropriate DivDat members will be notified by email and phone. Once the incident has been identified DivDat invokes our incident response plan through the completion of the remediation and post mortem process.

In the event of an outage, DivDat immediately notifies DivDat management and impacted clients which include a summary of the incident, time and date, estimated time of resolution, and description of impact. Notifications are sent to IT management and affected clients every hour until fully resolved.

DivDat has identified all mission critical applications that are required to be restored in the event of disaster recovery. To ensure that production services and data are protected in the event of a disaster, DivDat purchased and deployed an enterprise virtualization backup and replication software suite. The backup software suite allows the Infrastructure team to select from a variety of recovery options including instant virtual machine recovery, full restoration of a virtual machine from incremental or full backups, granular file level recovery and cross site replication of critical servers/services. Incremental backups are done daily and full backups are done every Saturday.

DivDat has different departments/personnel for almost every function. Network Operations, Programming, Print Operators, Mailroom, audit and supervision, etc. Everyone has the least amount of access necessary to complete their job. For instance, programmers cannot make changes to the network. Print operators cannot make changes to the program. Delivery drivers cannot print documents.
DivDat warrants and represents that personnel have been screened for the following immediately prior to placement: (1) illicit drug use as determined by a standard 5 Panel Drug Test; and (2) criminal background as determined by a standard background check that is designed to reveal any federal, state, or local felony crime of any nature, or any federal, state, or local non-traffic-related misdemeanor offense.

Vulnerability scanning (external and internal) is conducted by DivDat (through Alert Logic) on a weekly and monthly basis while DivDat’s QSA conducts vulnerability scanning (external) on a quarterly basis.

Penetration testing is conducted through DivDat’s QSA on an annual basis and is aligned with our PCI DSS assessment. Remediation of identified vulnerabilities is controlled by DivDat’s Change Management Process and is governed by DivDat’s Patch Management policy.

DivDat utilizes IBM BigFix for patch management and compliance/vulnerability assessments and reporting. Patches are grouped into baselines by type and severity. For patches that have been identified as mitigating serious security threats, these baselines will be applied as soon as possible with sensitivity to customer data processing. All others follow DivDat’s standard patching policy.

DivDat’s Access Control policy has been established to provide controlled access which will allow employees access to entrance doors, computer rooms, wiring closets, telephone rooms, finance and IT departments as their role requires.

All DivDat employees gain access to the office building, warehouse and production areas via an Access Badge (Badge) through an access control system. A proximity reader is positioned on the wall by all access controlled doors. To gain access through a door, an employee registers his or her Badge at the proximity reader. The light will turn from red to green and beep and the door will unlock. If an employee does not have authorized access to that door, it will not unlock.

Badges must be worn by all employees at all times while on the premises. When entering and leaving the facility, employees are required to register their badge with the proximity readers located by all outside doors. For safety reasons, DivDat must know which employees are in the building at all times. When an employee terminates employment with DDC, LLC, the Controller immediately disables access through the access control software. The Controller runs a user-access report at minimum on a quarterly to verify that all access is current.

Additional building security includes the use of security gates, electronic monitoring, fire suppression, temperature monitoring, humidity monitoring, CCTV camera system for both internal and external cameras, and exterior lighting.

DivDat can support a variety of encryption for transferring data to include: PGP, SFTP, IPSEC VPN tunnels and HTTPS – TLS communication. DivDat receives data files 24x7x365. The data file transfer method that we use is secure SFTP with the option of PGP encryption and SSH key exchange for enhanced security. DivDat follows best in practice industry standards as they relate to encryption and encrypted communication.
DivDat operates a Microsoft domain environment for its internal employees. Each employee has their own unique domain user account and password that is not shared with others. DivDat’s password group policy ensures that user passwords are strong by industry standards and rotate on a 90 day cycle. For web and archive services, DivDat forces the use of custom accounts based on our client’s business rules. Standard user account and password rules include the following:

  • Custom access levels
  • Custom password length
  • Custom usernames
  • MFA

DivDat’s scoped systems are protected with centrally managed anti-virus software to ensure the integrity of the systems and the data that they process. Anti-virus definitions are updated automatically as they are released by Symantec. Additionally, DivDat recommends that its clients at a minimum operate an industry standard anti-virus program for each client device that may access said utility.

DivDat’s latest online solutions utilize a common Login and Password service that adheres to the latest OWASP guidelines and includes multi-factor token challenge sent via a side channel (SMS or alt eMail address) and detailed logging. All sensitive login/password data is stored in an encrypted state.

For a minimum of 1 year DivDat will retain log data relevant to user access, user activity, account changes, account access, web service activity, server activity, firewall activity, network device activity and many other additional items. All log data is stored securely offsite with our log management provider, Alert Logic.

DivDat utilizes Microsoft’s Office 365 platform in conjunction with Fortimail for all of its corporate email communication. Leveraging features available through Office 365 and Fortimail such as Data Loss Prevention, Mobile Device Management, SPAM/malware filtering and inbound security rules, DivDat is able to protect and secure email communications both inbound and outbound.

Associations



DivDat is a proud member of the following associations and organizations:



Certifications



Our team members have extensive experience in using and deploying formal quality programs including ISO 9000, ISO 14000 processes, Six Sigma, Software Engineering Institute (SEI) and VOC (Voice of the Customer) formalized communication and tracking. DivDat has developed its own internal quality control and measurement program based on elements of international standards and has established quarterly User Advisory Group meetings with kiosk clients. Further, DivDat has conducted formal focus groups on the kiosk user experience to further refine the performance and functionality of the software and hardware deployed in DivDat kiosks making them the industry standard for processing of essential bills such as tax payments and utilities.


Image
 
 

Associations

DivDat is a proud member of the following associations and organizations:


Certifications

Our team members have extensive experience in using and deploying formal quality programs including ISO 9000, ISO 14000 processes, Six Sigma, Software Engineering Institute (SEI) and VOC (Voice of the Customer) formalized communication and tracking. DivDat has developed its own internal quality control and measurement program based on elements of international standards and has established quarterly User Advisory Group meetings with kiosk clients. Further, DivDat has conducted formal focus groups on the kiosk user experience to further refine the performance and functionality of the software and hardware deployed in DivDat kiosks making them the industry standard for processing of essential bills such as tax payments and utilities.


Image

Commercial

Low initial-cost provider, does not mean low-cost collections.

Image

Meet the Team

Learn more about the people working hard Leveling the Paying Field™

Image

Kiosk Solutions

Learn more about DivDat Kiosk Network and other payment solutions.

Image

Commercial

Low initial-cost provider, does not mean low-cost collections.


Image

Meet the Team

Learn more about the people working hard Leveling the Paying Field™


Image

Kiosk Solutions

Learn more about DivDat Kiosk Network and other payment solutions.